<?php

/**
 * UserIdentity represents the data needed to identity a user.
 * It contains the authentication method that checks if the provided
 * data can identity the user.
 */
class UserIdentity extends CUserIdentity
{
    private $id;

    /**
     * Authenticates a user.
     * The example implementation makes sure if the username and password
     * are both 'demo'.
     * In practical applications, this should be changed to authenticate
     * against some persistent user identity storage (e.g. database).
     * @return boolean whether authentication succeeds.
     */
    public function authenticate()
    {
        $ldap_host = Constant::LDAP_HOST;
        $ldap_usr_dom = Constant::LDAP_USER_DOM;
        $ldap_dn = Constant::LDAP_DN;
        $ldap_manager_group = Constant::LDAP_MANAGER_GROUP;
        $ldap_user_group = Constant::LDAP_USER_GROUP;

        // using user ldap
        // connect to active directory
        $ldap = ldap_connect($ldap_host);

        // verify user and password
        if($bind = @ldap_bind($ldap, $this->username . $ldap_usr_dom, $this->password)) {
            // valid
            // check presence in groups
            $filter = "(sAMAccountName=" . $this->username . ")";
            $attr = array("memberof");
            $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
            //var_dump($result);
            //echo $result;
            $entries = ldap_get_entries($ldap, $result);
            //var_dump($entries);
            ldap_unbind($ldap);
//            Common::debugdie($entries);

            if (isset($entries) && isset($entries[0]) && isset($entries[0]['memberof'])) {
                // check groups
                foreach($entries[0]['memberof'] as $grps) {
                    // is manager, break loop
                    if (strpos($grps, $ldap_manager_group)) {
                        $access = Constant::ROLE_ADMIN; break;
                    }
                    // is user
                    if (strpos($grps, $ldap_user_group)) $access = Constant::ROLE_ANALYST;
                }

                $this->id = $access;
                $this->setState('isAdmin', $access);
                $this->setState('roles', $access);
                $this->setState('id', $access);
                $this->setState('lastname', '');
                $this->setState('firstname', $this->username);
                $this->setState('username', $this->username);

                $this->errorCode = self::ERROR_NONE;
            } else {
                $this->errorCode = self::ERROR_USERNAME_INVALID;
            }

        } else {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        }

        return !$this->errorCode;
        /*
        $adminObj = Admin::model()->findByAttributes(array('username'=>$this->username));
        if($adminObj===null)
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        else if(Admin::encrypt($this->password)!==$adminObj->password)
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        else {
            $this->id=$adminObj->id;
            $this->setState('isAdmin', $adminObj->id);
            $this->setState('roles', $adminObj->id_profile);
            $this->setState('id', $adminObj->id);
            $this->setState('lastname', $adminObj->lastname);
            $this->setState('firstname', $adminObj->firstname);
            $this->setState('username', $adminObj->username);

            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
        */
    }

    /**
     * @return integer the ID of the user record
     */
    public function getId()
    {
        return $this->id;
    }


}